As requested in https://chromium-review.googlesource.com/c/v8/v8/+/3794708
No intended behavior change.
Bug: none
Change-Id: I5816ecf6073dc3c0d558d52518e38e4dbee7d562
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3796233
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Nico Weber <thakis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82117}
This CL fixes issues in YoungGenerationConcurrentMarkingVisitor
(YGCMV) that were discovered during an offline integration test which
uses YGCMV during MinorMC's final pause.
This also adds PopOnHold() to EmptyMarkingWorklist, in order to
process on-hold objects during final pause once concurrent marking is
working.
Bug: v8:13012
Change-Id: Ia4fef101bd974de9f5b031974cdae787dcbd3819
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3803030
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82116}
The type stored in {Result} should not always be the same as derived by
the compiler for the argument to {Decoder::toResult}. If we pass in a
temporary, we most often want it to be stored by value, not by
reference.
This CL enforces this; if requirements change in the future, we can
remove the static assertions and think about how to protect against
accidental UAF when referencing a temporary value.
R=jkummerow@chromium.orgCC=mliedtke@chromium.org
Change-Id: Ia0449e6ed7342319799479b200af35660fccc6d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3792115
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82115}
Refactor out the parallel move algorithm into a helper class, and add
stack slot support for cases where stack slots can clobber each other
(e.g. a Phi which is an input to another Phi). Also add some
documentation for how these parallel moves work.
Bug: v8:7700
Change-Id: Ib9bb1cce8287e2ad34b4417b77b148a1ad483268
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3803032
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82113}
clang now complains when a BitField for an enum is too wide.
We could suppress this, but it seems kind of useful from an
uninformed distance, so I made a few bitfields smaller instead.
(For AddressingMode, since its size is target-dependent, I added
an explicit underlying type to the enum instead, which suppresses
the diag on a per-enum basis.)
This is without any understanding of the code I'm touching.
Especially the change in v8-internal.h feels a bit risky to me.
Bug: chromium:1348574
Change-Id: I73395de593045036b72dadf4e3147b5f7e13c958
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3794708
Commit-Queue: Nico Weber <thakis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Auto-Submit: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82109}
struct.new_default may not be called for immutable structs.
Follow-up to d2c75d321e.
Change-Id: I7b682938ca5da00ef6c9bec29856133301beb6b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3802688
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82108}
Introduce RootVisitor and related class hierarchy to just handle
roots. This avoids the awkard definitions for roots visiation in all
the cases they are not needed.
Change-Id: Ib0912e4bf543db2ecf68caead6929c68d6afdda6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3782794
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82107}
Bump the memory size limit of memory64 memories from 4GB to 16GB. Tests
are added for larger sizes (5GB, 16GB).
Drive-by: Improve two decoder errors to properly include the unit,
tested by the new tests.
R=jkummerow@chromium.org
Bug: v8:10949
Change-Id: I99dfc216b9213838784214c0b65ba863831d5884
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3789507
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82105}
- No slots are invalidated as all slots are always treated as tagged
or aligned pointers.
- The map is not updated.
Change-Id: Ifb8ffddfa3b626de3233f17f67b46fec36146f2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3795378
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82104}
Make sure to always start at the innermost loop, and to have Jump phis
participate in the lifetime extension.
Bug: v8:7700
Change-Id: Iefb9108519d027782ba9f0ce8c0696fba0a0aa52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793390
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82102}
It's difficult to say which structs might in the future have deprecated
fields, so this CL adds tests for two more for now.
Once we add deprecated fields, we then need to define copy/move
constructs and assignment operators via
{ALLOW_COPY_AND_MOVE_WITH_DEPRECATED_FIELDS} (same as for other structs
which are not tested yet).
R=mlippautz@chromium.org
Bug: v8:13092
Change-Id: I89a330661a02d86d3d48e216b69cb6f77f02cff2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3789508
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82098}
When an object either gets promoted or evacuated, old-to-shared slots
need to be recorded like we already do for old-to-old or old-to-new.
Bug: v8:11708
Change-Id: Ifb5b3d50a59aa45bf8289e1cd7610bb2f317fd6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3794648
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82096}
The function returns true if the function does not do anything like:
() => {}.
Change-Id: I049d7956c443b5d2bb8017a48547376f13acd0a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3778969
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Yoshisato Yanagisawa <yyanagisawa@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82093}
In https://crrev.com/c/3764190, V8_COMPILER_IS_MSVC gets used before it
is defined, so it has no effect. Move the V8_COMPILER_IS_MSVC define up
to fix this.
Change-Id: I94c63ad2a8a7555c85730792c1f91e1285a9b77f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3774095
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82090}
zero extending the offset register must happen regardless
of the length of the offset_imm.
We can only use ip as the offset_reg as r0 and and r1
are being used as scratch later on.
Change-Id: I5517f974af40eb014b8e1f58f8e531909c4d466a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3794646
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82087}
The jump table and far jump table are allocated once per code space, but
the lazy compile table only needs to exist exactly once, and it does not
really matter in which code space we allocate it.
Before dynamic tiering, we could always allocate it in the initial code
space (which was empty at the point when we allocated it), but with
deserialization of a partially tiered module we can end up in a
situation where we first deserialize some TurboFan functions into the
initial code space, and when we later try to allocate the lazy compile
table (when we encounter the first non-serialized function) we do not
have enough space any more in the initial code space.
This CL allows to allocate the lazy compile jump table in any code space
to avoid that failure.
R=thibaudm@chromium.org
Bug: chromium:1348472, chromium:1348214
Change-Id: I58c9a8a6541f2ab7df26ddfd1b65d31cc99337fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3792607
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82086}
With this CL, blocks at the end of the ExternalPointerTable that are
completely empty after sweeping will be decommitted to reduce the
table's memory footprint.
Bug: v8:10391
Change-Id: I1002e95a0f9c22400fdd2620047d86738a1f7af4
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791903
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82085}
Port 781a5b5ad6
Original Commit Message:
Many platform-dependent LiftoffAssembler methods do not use all
parameters. Comment out the name of unused ones, to make it easier to
see which implementation uses which parameters.
Also, remove {is_load_mem} from arm's {LoadInternal}, because it is
unused there.
R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I861df687e373ed7dd302fc5e2e1299f09f899166
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3792177
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82084}
This is a reland of commit 07e11a64e4.
The original change removed the fill_thehole_and_call_runtime bailout
in StringBuiltinsAssembler::StringToArray() so when the string
is external and cannot be unpacked, the FixedArray won't be filled
with holes before we call into the runtime, thus failing a
heap verification if a GC happens before the array is filled. This
reland adds back the bailout for this case.
Bug: v8:12718, chromium:1330410
Original change's description:
> [heap] pre-populate the single_character_string_cache
>
> This simplifies the code and removes the runtime overhead of
> spontaneously adding strings to the cache.
>
> Bug: v8:12718
> Change-Id: I2ed49bd82e3baf2563eeb8f463be72c0308c52c5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616553
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Cr-Commit-Position: refs/heads/main@{#80803}
Change-Id: I25e8724d511a8d0d971fa2a9b6ba8a0eafce4413
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793525
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82082}
If we grow memory (out-of-place, so only without trap handling and only
if the maximum is >1GB) and the previous size is close to the maximum,
then the minimum growth we calculate can be bigger than the allowed
maximum. In this situation, the {std::clamp} has undefined behaviour,
since the provided lower limit is bigger then the upper limit.
Thus apply {std::min} and {std::max} in an order such that {max_pages}
has precedence over {min_growth}.
R=thibaudm@chromium.org
Bug: chromium:1348335
Change-Id: I4f9e9ce10a0685892248eaf0e06ffd2e84b9a069
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793396
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82081}
This fixes some instances of -Wundefined-inline in the C++20 build.
Bug: chromium:1284275
Change-Id: I134e866183e1e42b9726153964af9910d03cd3b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791525
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82080}
Due to popular demand.
As a necessary byproduct, this drops our former experimental in-progress
support for accessing struct fields from JS as `.field0` etc. If we need
something similar in the future, we'll have to build a new mechanism for
it that scales to >1020 fields.
Bug: v8:7748
Change-Id: I08b2051bd9f76cf7128f3d4c74910ca891c38130
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793616
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82079}
So far all OLD_TO_SHARED slots were deleted after a shared GC. The
remembered set was rebuilt in the next shared GC from scratch. This CL
changes this behavior to only remove slots that don't point into the
shared heap anymore.
We still need to remove the full OLD_TO_SHARED slot set for young
generation pages though. During a shared GC we use the OLD_TO_SHARED
remembered set to cache references into the shared heap even for
pages in the young generation to avoid the second new space object
iteration.
Bug: v8:11708
Change-Id: If92fca25e8fe7e7bf5fc5562c974b0d4c121cb02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3790967
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82078}
Call test functions immediately, and make them print their name before
execution.
R=thibaudm@chromium.org
Change-Id: I2057e2b3c2032c342a86705dbda8992aa54493e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793612
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82077}
It also changes Abort to be a ControlNode.
Bug: v8:7700
Change-Id: I836c353f8110140c023c582ea91c456e23196921
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793397
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82076}
The {LiftoffAssembler::Load} method already receives an {i64_offset}
parameter which skips the UXTW (zero extension of 32-bit addresses) in
the memory operand. The same needs to happen on stores.
On 32-bit platforms, we cannot have addresses >=4GB anyway (they would
be detected as OOB before reaching the point in question), so this is
not a problem. On x64, all 32-bit registers are zero-extended already
(which is debug-checked in the generated code), so this is also no
problem (and we just ignore the additional parameter).
R=jkummerow@chromium.org
Bug: v8:10949
Change-Id: I3c2266dde1bf9d182b6759893f7f64540ae12261
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791051
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82074}
Table<any> is not allowed any more and may therefore not be generated by
the fuzzer. Instead, the new type is table<externref>.
Bug: chromium:1348437
Change-Id: Ibf788222fc777508e59178db48e6497a18b250d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793610
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82073}
This is required by the MVP spec. In the future, it might be possible
to pass values for any immutable fields.
Bug: v8:7748
Change-Id: Ie7705b48e9d6ebb87d5e1b0a2a10556302395db6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793383
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82072}
Many platform-dependent LiftoffAssembler methods do not use all
parameters. Comment out the name of unused ones, to make it easier to
see which implementation uses which parameters.
Also, remove {is_load_mem} from arm's {LoadInternal}, because it is
unused there.
R=jkummerow@chromium.org
Bug: v8:10949
Change-Id: I57281237c493cc35c3cd31d814bca9bef510fdd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791049
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82070}
